What's New in Microsoft Defender for Identity in August 2022

Microsoft Defender for Identity

Microsoft Defender for Identity helps Active Directory admins defend against advanced persistent threats (APTs) targeting their Active Directory Domain Services infrastructures.

It is a cloud-based service, where agents on Domain Controllers provide signals to Microsoft's Machine Learning (ML) algorithms to detect and report on attacks. Its dashboard allows Active Directory admins to investigate (potential) breaches related to advanced threats, compromised identities and malicious insider actions.

Microsoft Defender for Identity was formerly known as Azure Advanced Threat Protection (Azure ATP) and Advanced Threat Analytics (ATA).

What’s New

In August 2022, three new versions of Microsoft Defender for Identity were released:

  1. Version 2.186, released on August 10, 2022
  2. Version 2.187, released on August 18, 2022
  3. Version 2.188, released on August 28, 2022

These releases introduced the following functionality:

Health Alerts with FQDNs instead of NetBIOS names

As of version 2.187, health alerts show the Microsoft Defender for Identity sensor's fully qualified domain name (FQDN) instead of its NetBIOS name.

New Health Alerts

Since version 2.187, new health alerts are available for capturing component type and configuration. A full overview of all Microsoft Defender for Identity sensor health alerts is available here.

Logic Behind Suspected DCSync Attack detections

Since version 2.187, Microsoft changed some of the logic behind how the Suspected DCSync attack (replication of directory services) (external ID 2006) alert is triggered. This detector now covers cases where the source IP address seen by the sensor appears to be a NAT device.

Improvements and Bug Fixes

All August 2022 Defender for Identity releases include improvements and bug fixes for the internal sensor infrastructure.
